Monday, May 30, 2011

There are many reasons you could need setting file and folder ownership on a Windows file server. In my case I had to take care of the file ownership because I have been migrating our users' home folders to a NetApp volume with user quotas set. A quota is intended to limit the amount of disk space and the number of files that a particular user or group can consume. As far as I have understood, Netapp quota application mechanism is not based on home folders size but, and this is new to me, on real file ownership.

In fact, as stated on the NetApp website, quota calculation of NTFS qtrees is always allocated to the user’s Windows SID. This means that the NetApp is aware of all the files that belong to a user no matter where they are located on the volume. So, even if these files are scattered about your file system and not located in a single place, the NetApp will be able to tell you exactly how much space is allocated to a Windows user (through his SID) via the "quota report" command.

Unfortunately, in my case I had robocopied all the contents and ACLs from our old Windows file server to a brand new NetApp filer and discovered that the NetApp wasn't reporting any user quota. This is due to the fact that I did not had copied the owner flag when I used Robocopy and so the filer reported that every file was owned by builtin\administrators... and that no user quotas where enforced...

File ownership tab under Windows Security

After a short investigation I found out that I had to re-apply correct file onwership for the filer to be aware of real user quota usage.

So, lets see which is the option I've chosen to set file ownership when Robocopy had already been done. For its simplicity I decided to use Fileacl.exe which is a wonderful tool when you have well learned its syntax. You can find it here and it is free...

The /O switch gives ownership to the trustee (it requires TakeOwnership privilege - use "whoami /all" to check you have it). Using the /sub switch will force Fileacl to run through all the subfolders and the /files switch will ensure that ownership is sent down to each single file.

So the output of this command will be: OwnerShip GIVEN TO TRUSTEE your_company\Billy BOB on \\netapp\drive\users-home\billy bob

Simple, right?

Of course I could have used powershell but in this case I was struck by the simplicity of Fileacl and decided to stick to it.

I hope this helps. Do not hesitate to leave a comment on this post if it was useful to you!